Internet service providers (ISPs) may be required by local, state or federal law enforcement agencies to capture data traffic from a particular target entity, such as a network device associated with a particular location or person for purposes of law enforcement and cyber-security. ISPs generally utilize IP network lawful intercept mechanisms that control, manage and capture the data traffic being received and sent to the monitored target entity. This typically involves physically installing an analysis device inline in the data path between the monitored target entity and the access network of the ISP. Multiple analysis devices may be installed such that each analysis device manages and captures data traffic for a corresponding monitored target entity.
As the number of monitored target entities increases, equipment, and installation costs for physically installing a separate analysis device for each monitored target entity also increases, which can become cost prohibitive. Further, the installation of an analysis device on the data path between the network router and the target entity requires temporarily disrupting service to the monitored target entity. In addition, the analysis device dedicated to the monitored target entity is not in use during times when the monitored target entity is not sending or receiving data packets. Therefore, the current IP network lawful intercept mechanism is not only costly to implement and disruptive, but also inefficient.